Are we seeing a tangible international shift in how we protect data?
No. 45: Bringing you the news that matters in video privacy and security
A note from our Editor
Hi all,
While several countries have been slow to adapt, we may be starting to see a shift in attitudes towards data privacy laws globally. Across the world, there is a resounding effort to encourage new legislation as well as update, adapt and properly enforce existing legislation.
Australia, the telecom provider, Optus, has just suffered a major cybersecurity breach affecting nearly 10 million people. This breach is being described as one of the most serious Australian privacy breaches and has triggered the Australian government to consider tougher cyber security measures.
In Europe, we continue to see enforcement of the GDPR by national DPOs, as well as the Court of Justice of the European Union (CJEU). Following Schrems II, there are still remaining questions about international data transfers to non-EU countries without adequacy decisions, particularly with multinational companies. Google Analytics has just been found to violate GDPR in yet another European country. This time - Denmark, where the Danish DPA has ordered a halt on its use unless sufficient supplementary measures are included. This decision follows similar decisions from Austria, Italy, and France.
In Asia, Indonesia has just passed sweeping new data protection legislation imposing new responsibilities and consequences for data controllers who do not adequately protect the data of Indonesians. This comes following several data leaks having a wide impact across the public sector in Indonesia. This new law makes Indonesia the fifth country in southeast Asia to pass data protection legislation, following Singapore, Malaysia, Thailand, and the Philippines.
As always, please send any feedback or topics of interest you would like to be covered.
Seena
News
The US adjusts Iranian sanctions to help citizens avoid state surveillance amid protests
The US Treasury Department has agreed to expand the range of Internet services available to Iranians to help them avoid state surveillance and censorship. This is following the clamping down on dissent after protests over the death of a 22 year old woman in police custody. This license includes social media platforms, as well as cloud-based VPNs to help guarantee anonymity for users online.
The Guardian: US to expand internet access to help Iranians evade state surveillance
Reuters: U.S. adjusts sanctions to help Iranians evade online surveillance, censorship
CJEU rules that German data retention laws violate EU law
The Court of Justice of the European Union (CJEU) has ruled that German laws which require telecom companies to retain customer traffic and location data for several weeks breach EU law. While the government has argued that access to this data is essential to help national security and prevent potential terrorist attacks, the Court found that the German law applied to a "very broad set" of information.
Security Week: EU Court Rules Against German Data Collection Law
Reuters: Germany's blanket data retention law is illegal, EU top court says
CCTV is now being used to tackle illegal parking near schools in Lincolnshire
North East Lincolnshire Council has recently introduced new CCTV cameras outside schools to help curb illegal parking and more easily issue fines to those who violate them. This new use of video surveillance is part of an effort to encourage responsible parking and help improve children's safety.
Nelincs.gov.uk: New CCTV tackles illegal stopping and parking near school
Large-scale Optus breach puts near 10 million Australian customers at risk
Australia's second-largest telecom provider, Optus, reported a cyber-attack whereby the data of 9.8 million people dating back to 2017 was compromised. This breach has included the loss of "significant amounts of data" for 2.8 million people, including names, phone numbers, passport numbers, and license numbers.
ABC News: Australia mulls tougher cybersecurity laws after data breach
Tech Crunch: Optus, Australia’s second largest telco, says customer data exposed in data breach
Denmark rules Google Analytics violates GDPR
The Danish data protection authority, Datatilsynet, has found that Google Analytics violates GDPR and has ordered a halt on its use for data transfers to the United States without supplementary measures. Companies using Google Analytics now have to assess their use and either implement additional measures or stop using it.
Computing: Denmark latest to conclude Google Analytics is unlawful
IAPP: Danish DPA renders decision against Google Analytics transfers
AI Snippet of the Week
"Digital masks" can provide a great new solution to protect patient privacy online
Researchers from the UK and China have successfully used 3D reconstruction and deep learning algorithms to help facially diagnose patients while still protecting privacy. While facial analysis can be useful for medical diagnosis, there are privacy concerns of patients who are uneasy with sharing this biometric data. This new “digital mask” helps alleviate these concerns by removing identifiable biometric information.
Health Tech World: ‘Digital mask’ protects patient privacy
University of Cambridge: ‘Digital mask’ could protect patients’ privacy in medical records
Policy Updates
Indonesia passes brand new data privacy legislation
Indonesia has recently passed the Personal Data Protection Bill, a new piece of legislation to help protect the data privacy of citizens. These new rules will mean data handlers who breach the data of data subjects can face fines of up to 2% of revenue, as well as strict prison penalties of up to 6 years.
Tech Crunch: Indonesia passes much-anticipated data privacy law to put bad actors behind bars
To subscribe to our fortnightly newsletter, please click here
Thanks for reading, if you have any suggestions for topics or content that you want to see covered in future please drop a note to: info@secureredact.co.uk